The ability for a hospital information network to interact with clinicians while they are located at the point of care (POC), e.g., at a patient's bedside, is recognized as having the potential to dramatically reduce the incidence of certain medical complications. Specifically, studies estimate that significant benefits are likely to arise through the provision of “computerized physician order entry” (CPOE), which consists of allowing clinicians (e.g., doctors, nurses, orderlies) to place orders (e.g., prescription, blood test, clean towel, etc.) combined with the deployment of real-time Decision Information and Support Tools (DIST) to alert the clinician to potential issues, delivered to the clinician via a bedside location in the vicinity of the patient being treated. This simple yet elusive paradigm, dubbed “CPOE at the POC”, has the potential effect of reducing human error due to temporary memory loss and mistakes in transcription by clinicians or clerical staff, since the terminal is at the patient-clinician interaction site and human memory or scribbled notes are not needed to retain the data until entry during a subsequent data entry session at a somewhat remote location. In addition, when coupled with real-time decision information support tools (DIST), CPOE provides physicians with an additional level of assurance that their diagnosis or treatment plan is within generally accepted parameters.
For background reading on the CPOE at the POC paradigm and its predicted impact, the reader is referred to the following references, incorporated by reference herein:                Clinical Decision Support—Finding the Right Path, by J. Metzger, D. Stablein and F. Turisco, First Consulting Group, September 2002        Computerized Physician Order Entry: Costs, Benefits and Challenges—A case Study Approach, by First Consulting Group for Advancing Health in America and the Federation of American Hospitals, January 2003        Leapfrog Patient Safety Standards—The Potential Benefits of Universal Adoption, by J. D. Birkmeyer, The Leapfrog Group, November 2000        Computerized Physician Order Entry: A Look at the Vendor Marketplace and Getting Started, by J. Metzger, F. Turisco, First Consulting Group, December 2001        A Primer on Physician Order Entry, by First Consulting Group for the California Healthcare Foundation, Oakland, Calif., September 2000        
One effect of implementing CPOE at the POC is a proliferation of access points to the hospital information system (HIS). Whereas in a conventional hospital environment, access to the HIS may be gained through terminals strategically located in a limited number of relatively secure locations at ward nursing stations, ward corridors, operating rooms and examination rooms, under the “CPOE at the POC” paradigm there may be hundreds of access points to the HIS since access is to be provided at the point of clinician-patient interaction. It becomes quickly apparent why a major concern with implementing CPOE at the POC lies is in the area of data security and privacy. More specifically, a valid concern is raised regarding the potential availability of sensitive clinical information at a variety of access points, not all of which can be guarded simultaneously or with the same effectiveness. Not only is it apparent that the physical theft of any device containing confidential medical information may inconvenience or harm the patient but, in addition to losing a physical asset in the device itself, the healthcare facility may be faced with sanctions and/or lawsuits, should the contents of the stolen records be made public or if there are reasonable grounds to believe that they will be made public. Moreover, the potential for theft of physical devices and sensitive data, along with the consequences such theft entails, becomes even greater in the mobile version of CPOE, known as MPOE, where clinicians communicate with the HIS through portable wireless devices, whose whereabouts are clearly more difficult to track on a constant basis.
Thus, there remains a need in the healthcare industry for protecting the confidential nature of clinical data in a CPOE or MPOE environment, where there is a risk of theft, or where there is a risk that the terminal will be temporarily or permanently moved outside the control of the hospital IT system or staff, whether outside or inside the hospital.